5 Tips for Keeping Your WordPress Site Secure

Craig Junghändel


Your website is like a building – if you choose to start with shoddy materials you will end up with a bad foundation that costs more money in the long term to fix. I have had numerous clients come to me with sites that were rife with bugs, hijacked by spammers, injected with malware, or just flat-out not working.

In most situations, I was called in to fix websites that had been created on the cheap, by a friend-of-a-friend, and it was clear when I looked at the bones of the site that whoever had built the site had cut corners…or even worse, had no idea what they were doing. When the site was passed off to the client, on the surface there was a coat of fresh paint, but under that…electrical that looked like spaghetti and plumbing about to burst.

Why do hackers love WordPress?

As of March 2016, WordPress is nearing a 60% CMS market share, and is responsible for powering over 26% of all websites currently online. For those of you not hip to the term “CMS”, it stands for “content management system”. Websites built on a CMS like WordPress account for the majority of modern sites because they allow non-developers to manage the content, but with this ease of use comes a few trade-offs…

Given its overwhelming popularity and huge adoption rate among beginner-level users, WordPress has become the number one website platform targeted by hackers. For one, the average user is a lot more susceptible to a site compromise because they don’t know how to prevent getting hacked. Second, the average site owner is less likely to even know they’ve been hacked – meaning the site could be quietly hijacked for weeks, months or even years without them knowing it.

Here are five steps to help ensure that your “house” stays in order – keeping the hackers out and the bugs at bay:

1) Use Trusted Plugins

Considering there are over 40,000 plugins available for free on the WordPress repository, it’s tempting to want to install a whole bunch and try them out, but that can be quite dangerous. Untrusted, poorly-coded or abandoned plugins are the #1 gateway for site compromises. Before you install that shiny new plugin that sounds absolutely perfect for your site, be sure to have a look at the ratings, reviews and support forum. Is it a popular plugin? Does it have good reviews? Is it being actively updated? Does the developer respond to user questions? If you can answer yes to those 4 questions, then you’re probably pretty safe installing it. On the other hand, if you see that the plugin hasn’t been updated in over 2 years, it’s got a 2 star rating, or maybe only 43 people have downloaded it, then you might want to look elsewhere.

2) Use a Unique User ID and a Strong Password

Another method hackers will use to access your site is called a brute force attack. This is where bots are sent out to repeatedly try different combinations of user IDs and passwords in an attempt to guess a site’s login credentials. These attacks are on the rise; however, they’re easily preventable. Security plugins can help with detecting and banning these malicious hacker bots, but the easiest way to thwart these attacks is by using a unique user ID and a strong password. The latest version of WordPress has a built-in password strength meter, so it will tell you if your password is up to snuff or not.
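To show what the detection side looks like, here is an added example (not part of the original article): a Python script that counts failed POST requests to wp-login.php per IP address in a web server access log. It assumes the combined log format and WordPress's default behaviour of answering a failed login with HTTP 200 and a successful one with a 302 redirect; the log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges, not real traffic):
# one client failing 8 logins in 40 seconds, one user who mistypes once.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [12/Mar/2016:10:00:{s:02d} +0000] '
     '"POST /wp-login.php HTTP/1.1" 200 3512 "-" "bot"'
     for s in range(0, 40, 5)]
    + ['198.51.100.20 - - [12/Mar/2016:10:01:00 +0000] '
       '"POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"',
       '198.51.100.20 - - [12/Mar/2016:10:01:20 +0000] '
       '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
       '198.51.100.20 - - [12/Mar/2016:10:01:21 +0000] '
       '"GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"'])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def login_attempts(log_text):
    """Yield (ip, timestamp, status) for every POST to wp-login.php."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), int(status)

def find_bruteforce(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: failures} for IPs exceeding max_failures within any window."""
    failures = defaultdict(list)
    for ip, ts, status in login_attempts(log_text):
        if status == 200:  # assumption: 200 = login form re-shown = failed login
            failures[ip].append(ts)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = worst = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst > max_failures:
            flagged[ip] = worst
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

The user who mistypes a password once and then logs in stays under the threshold, which is why the count is taken per IP inside a time window rather than over the whole log.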

3) Keep everything updated

A modern WordPress website requires maintenance. Similar to how your computer or phone requires occasional patches and upgrades, your WordPress site needs these as well. If you’re not actively updating your WP version, theme and plugin scripts when new patches are released, then you’re at a much greater risk of vulnerability. WordPress and all of its wonderful little plugins require constant upgrades, and keep in mind that over 70% of the updates are focused on security patches or bug fixes, not new features or functionality. This is yet another reason why it’s important to use trusted plugins which are actively supported.

4) Use a Trusted Theme

Even more tempting than trying out a new plugin is trying on a new theme for your WordPress site, but installing new themes also comes with the same warning. Before uploading that gorgeous template with the color scheme you crave and the built-in home page image scroller, make sure that it’s actively developed and supported. There are a ton of free themes available on places like the WordPress repository, but many of them are poorly-coded or the projects have been abandoned. When it comes to choosing a free theme, look at some of the more popular ones, which offer updates and good support. If you have it in your budget, a commercial theme is generally a good bet, but once again, be sure that it’s offered by a reputable theme developer and not some slick fly-by-night operation.

5) Don’t Go for Cheap, Crappy Hosting

You might think that all website hosting is pretty much equal, and that the best choice is often the cheapest, but that’s not the case. The place where you store your site is very important to its health and safety. Quality web hosting is not something you can expect to purchase for $4 per month, and be advised that if you do see hosting offered at less than $5/mo., chances are the web servers will be grossly overcrowded. Overcrowded servers are less stable and reliable, plus you have no idea how many spam sites might be operating right next to you. Cheap hosts are also typically a lot less stringent when it comes to security, which means your site can be in danger if it’s situated within a bad online neighborhood.

When choosing a host, be sure to do your homework and look for a provider with good reviews by legitimate users. A great place to search for user feedback is webhostingtalk.com. However, if you want to avoid the hassle of having to weed through a myriad of choices for web hosting, then just use us! iArtisan offers some excellent hosting options specifically tailored for WordPress.

Or…you can just let us handle it

Of course, one of the reasons that these issues come up is due to clients wanting to do upkeep on their own website, but then never getting the chance, and updates don’t get done. At iArtisan we want you to be able to focus on your main business – making money and being successful. Let us manage your site’s upkeep and security so that you have a reliable website that continues to attract customers for years to come.